You know you need to do it, but how? Law firms are rife with data and files, and they must be protected. That’s a given. The specifics, however, often elude lawyers.
All files and data should be part of a comprehensive document management approach emphasizing the files and data that are most important to preserve and recover first in the event of a disaster. In most law firms, the protection and storage of paper records and electronic files are interrelated, but each involves different security and maintenance concerns.
The natural assumption is that technology is up-to-date and files are being properly backed up and archived. However, you need to test that assumption by asking these specific questions:
- Does your firm have an accurate inventory of all of the computers and software that are in use? Every firm should have documentation of all installed software programs, the computers that each program is installed on, the users of each program, and the whereabouts of backup disks and instruction manuals.
- Are you relying on proprietary, hard-to-replace hardware and software? If so, you may find it extremely difficult to get replacements if disaster strikes.
- What are your service-level agreements with your IT vendors? Such agreements specify considerations like uptime percentage, redundancy, contact points, industry best standards practices, and availability of financing for quick replacement ordering.
- Are all your software licenses current and comprehensive? Pay careful attention to whether any licenses are site-specific (which may preclude their use at a backup recovery center) or whether there are limitations on the number of backup copies you can make. Make sure that you also understand your transfer rights to a different entity (for example, a different law firm that is temporarily assisting you in your practice).
It is a given that every firm should be backing up electronic data regularly — every day, if at all possible — and storing backup files off-site, preferably in another city or region to mitigate the impact of a widespread disaster. In addition, you should have clear requirements for what is backed up and how often the backup procedure is done. Some other considerations are as follows:
- Establish detailed procedures for your internal IT staff. Have multiple people trained in backup procedures and storage in case one or more key players are out sick, on vacation, or incapacitated. Make sure that no member of your internal IT staff is taking backup files home.
- Regularly verify your backups and test your ability to restore files. Make sure the entire procedure works — including physical transfer from the backup storage facility, as well as electronic transfer over the Internet. Examine data security and encryption procedures to make sure electronic transmittal of backup files is protected from hackers and other security breaches.
- Make sure the storage facility is temperature and humidity controlled and is protected against both fire and electronic contamination. Your data protection vendor should provide you with software that helps you to manage your storage inventory and integrate it with the vendor’s filing system. Verify all performance standards of the vendor — data integrity, delivery speed, and 24/7 access. Make special arrangements for rush service or other recovery considerations in the event of a disaster. Ensure that you can regularly visit the facility, both to make sure that it is well organized and to meet the people on whom your continuation as a firm may well depend.